← Latest brief

Security news.

·Afternoon Brief

Today's security landscape is marked by active exploitation and state-sponsored threats. Several reports highlight ongoing campaigns by Russian and Iranian-linked actors targeting critical infrastructure and stealing credentials, while a critical RCE vulnerability in Flowise is also being actively exploited.

BLEEPINGRCE
Apr 7READ

Max severity Flowise RCE vulnerability now exploited in attacks

A maximum-severity vulnerability, CVE-2025-59528, in the open-source platform Flowise for building LLM apps is being actively exploited to execute arbitrary code.

BLEEPINGBREACH
Apr 7READ

Snowflake customers hit in data theft attacks after SaaS integrator breach

Over a dozen companies have experienced data theft after a SaaS integration provider was breached, leading to the compromise of authentication tokens used by Snowflake customers.

KREBSBREACH
Apr 7READ

Russia Hacked Routers to Steal Microsoft Office Tokens

Russian military intelligence-linked hackers (APT28) are exploiting known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users across more than 18,000 networks.

BLEEPING
Apr 7READ

US warns of Iranian hackers targeting critical infrastructure

Iranian-linked hackers are actively targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on U.S. critical infrastructure networks.

BLEEPINGBREACH
Apr 7READ

Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins

An international law enforcement operation has disrupted FrostArmada, an APT28 campaign that hijacked MikroTik and TP-Link routers to steal Microsoft account credentials.

THNVULN
Apr 7READ

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

A high-severity vulnerability, CVE-2026-34040 (CVSS 8.8), in Docker Engine could allow attackers to bypass authorization plugins under specific circumstances, stemming from an incomplete fix for CVE-2024-41110.

CISAKEV
Apr 6READ

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2026-35616, a Fortinet FortiClient EMS Improper Access Control Vulnerability, to its KEV Catalog due to evidence of active exploitation.

THNMALWARE
Apr 7READ

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

An active campaign is targeting internet-exposed instances of ComfyUI, a stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet.

Generated twice daily from public security RSS feeds. Informational only.